[FFmpeg-cvslog] idcin: check chunk_size value before using it

Mon Oct 15 17:54:13 CEST 2012

ffmpeg | branch: master | Paul B Mahol <onemda at gmail.com> | Mon Oct 15 15:48:13 2012 +0000| [295218f531528d18f0f21937d3ddf28318898a7c] | committer: Paul B Mahol

idcin: check chunk_size value before using it

Fixes integer overflow. Fixes CID732223.

Signed-off-by: Paul B Mahol <onemda at gmail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=295218f531528d18f0f21937d3ddf28318898a7c
---

 libavformat/idcin.c |    2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/idcin.c b/libavformat/idcin.c
index f1df002..bede040 100644
--- a/libavformat/idcin.c
+++ b/libavformat/idcin.c
@@ -256,6 +256,8 @@ static int idcin_read_packet(AVFormatContext *s,
         chunk_size = avio_rl32(pb);
         /* skip the number of decoded bytes (always equal to width * height) */
         avio_skip(pb, 4);
+        if (chunk_size < 4)
+            return AVERROR_INVALIDDATA;
         chunk_size -= 4;
         ret= av_get_packet(pb, pkt, chunk_size);
         if (ret < 0)

